Re: [PATCH 3/8] kvm: vmx: pass MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD down to the guest
From: Paolo Bonzini
Date: Wed Jan 10 2018 - 08:20:29 EST
On 10/01/2018 06:03, Nadav Amit wrote:
>>
>> Of course the code will become something like
>>
>> if (using_ibrs || vmx->spec_ctrl != 0)
>>         wrmsrl(MSR_IA32_SPEC_CTRL, host_ibrs);
>>
>> optimizing the case where the host is using retpolines.
> Excuse my ignorance: Can you point me to the specifications that mention "we
> should set IBRS bit even if it was already set on every #VMExit"?
All I have is some PowerPoint slides from Intel. :( They say:
---
A near indirect jump/call/return may be affected by code in a less
privileged prediction mode that executed AFTER IBRS mode was last
written with a value of 1. There is no need to clear IBRS before writing
it with a value of 1. Unconditionally writing it with a value of 1 after
the prediction mode change is sufficient.
VMX non-root is considered a less privileged prediction mode than VM
root. CPL 3 is considered a less privileged prediction mode than CPL0,
1, 2.
Some processors may enhance IBRS such that it isolates prediction modes
effectively and at higher performance if left set instead of being set
when enter OS and VMM and cleared when entering applications. [This is]
enumerated by IA32_ARCH_CAPABILITIES[1].
---
(Yes, it literally says VM root, not VMX root).
But I think this is an awful specification. For two reasons:
* a simple specification that does "IBRS=1 blocks indirect branch
prediction altogether" would actually satisfy the specification just as
well, and it would be nice to know if that's what the processor actually
does.
* the future case with enhanced IBRS still requires the expensive IBPB
when switching between applications or between guests, where the
PCID/VPID (and PCID/VPID invalidation) could be used to remove that need.
Paolo
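The VM-entry/VM-exit handling that the quoted snippet optimizes can be modelled in user space to see how many SPEC_CTRL writes each policy costs. The following is an added example, not code from the KVM patch or from anyone in this thread: it simulates the MSR with a `struct sim_cpu` and a vcpu's saved value with `struct sim_vcpu` (both names invented here), and treats the enhanced-IBRS case (ARCH_CAPABILITIES[1]) as "write only on mismatch", which is this example's reading of the quoted slide rather than something the patch states.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Architectural MSR numbers and bits from the Intel spec-ctrl interface. */
#define MSR_IA32_SPEC_CTRL          0x48
#define MSR_IA32_PRED_CMD           0x49     /* IBPB lives here; not modelled further */
#define MSR_IA32_ARCH_CAPABILITIES  0x10a
#define SPEC_CTRL_IBRS              (1ULL << 0)
#define SPEC_CTRL_STIBP             (1ULL << 1)
#define ARCH_CAP_IBRS_ALL           (1ULL << 1)  /* "enhanced IBRS" enumeration bit */

/* Simulated CPU, standing in for rdmsr/wrmsr, which user mode cannot issue. */
struct sim_cpu {
    uint64_t spec_ctrl;          /* current MSR_IA32_SPEC_CTRL contents */
    uint64_t arch_capabilities;  /* MSR_IA32_ARCH_CAPABILITIES contents */
    unsigned wrmsr_count;        /* WRMSRs issued by the policy below */
};

/* Hypothetical vcpu state, playing the role of vmx->spec_ctrl in the quoted snippet. */
struct sim_vcpu {
    uint64_t spec_ctrl;          /* value the guest last wrote to SPEC_CTRL */
};

static void sim_wrmsrl(struct sim_cpu *cpu, uint32_t msr, uint64_t val)
{
    cpu->wrmsr_count++;
    if (msr == MSR_IA32_SPEC_CTRL)
        cpu->spec_ctrl = val;
}

/* VM entry: load the guest's value only when it differs from the host's. */
static bool vmentry_spec_ctrl(struct sim_cpu *cpu, const struct sim_vcpu *v,
                              uint64_t host_spec_ctrl)
{
    if (v->spec_ctrl == host_spec_ctrl)
        return false;
    sim_wrmsrl(cpu, MSR_IA32_SPEC_CTRL, v->spec_ctrl);
    return true;
}

/*
 * VM exit, the "using_ibrs || vmx->spec_ctrl != 0" decision:
 *  - host on legacy IBRS: the slide says isolation comes from writing IBRS=1
 *    after the prediction-mode change, so the write is unconditional even
 *    when the MSR already reads 1;
 *  - host on retpolines (host_spec_ctrl == 0): write only to undo a non-zero
 *    guest value, so guest IBRS/STIBP does not stay in effect for the host;
 *  - host with enhanced IBRS: IBRS may be left set, so this example (an
 *    assumption, not the patch's behaviour) writes only on a mismatch.
 * For a retpoline host "!= host_spec_ctrl" is exactly the snippet's "!= 0".
 */
static bool vmexit_spec_ctrl(struct sim_cpu *cpu, const struct sim_vcpu *v,
                             uint64_t host_spec_ctrl)
{
    bool enhanced   = cpu->arch_capabilities & ARCH_CAP_IBRS_ALL;
    bool using_ibrs = (host_spec_ctrl & SPEC_CTRL_IBRS) && !enhanced;

    if (using_ibrs || v->spec_ctrl != host_spec_ctrl) {
        sim_wrmsrl(cpu, MSR_IA32_SPEC_CTRL, host_spec_ctrl);
        return true;
    }
    return false;
}

/* Run n guest round trips and report how many SPEC_CTRL WRMSRs the policy issued. */
static unsigned roundtrip_wrmsrs(uint64_t host_spec_ctrl, uint64_t guest_spec_ctrl,
                                 uint64_t arch_capabilities, unsigned n)
{
    struct sim_cpu cpu = { .spec_ctrl = host_spec_ctrl,
                           .arch_capabilities = arch_capabilities };
    struct sim_vcpu v = { .spec_ctrl = guest_spec_ctrl };

    for (unsigned i = 0; i < n; i++) {
        vmentry_spec_ctrl(&cpu, &v, host_spec_ctrl);
        /* ... guest runs in VMX non-root, the less privileged prediction mode ... */
        vmexit_spec_ctrl(&cpu, &v, host_spec_ctrl);
    }
    return cpu.wrmsr_count;
}

int main(void)
{
    printf("retpoline host, guest SPEC_CTRL=0 : %u writes per 1000 exits\n",
           roundtrip_wrmsrs(0, 0, 0, 1000));
    printf("retpoline host, guest IBRS=1      : %u\n",
           roundtrip_wrmsrs(0, SPEC_CTRL_IBRS, 0, 1000));
    printf("IBRS host, guest SPEC_CTRL=0      : %u\n",
           roundtrip_wrmsrs(SPEC_CTRL_IBRS, 0, 0, 1000));
    printf("IBRS host, guest IBRS=1           : %u\n",
           roundtrip_wrmsrs(SPEC_CTRL_IBRS, SPEC_CTRL_IBRS, 0, 1000));
    printf("enhanced-IBRS host, guest IBRS=1  : %u\n",
           roundtrip_wrmsrs(SPEC_CTRL_IBRS, SPEC_CTRL_IBRS, ARCH_CAP_IBRS_ALL, 1000));
    return 0;
}
```

The four legacy cases show the point of the snippet: a retpoline host with a guest that never touches SPEC_CTRL pays no WRMSR at all, while a host relying on IBRS pays one on every exit even when the guest already left IBRS=1, because under the quoted slide the value of the write, not the MSR's contents, is what resets the prediction mode.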